SMB compression behavior & settings changes

Heya folks, Ned here again. As you know from a previous post, we released an end-to-end SMB compression capability with Windows 11 and Windows Server 2022. You can learn all about it at SMB Compression | Microsoft Docs. There was ... continue reading

Q: Who is adding a bunch of DNS records to my environment?

The other day a client asked everyone in operations who added some odd DNS records. Everyone on the admin team denied making any changes, and no one in engineering did it either. They determined the user that made the new record ... continue reading

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments. NOBELIUM remains highly active, executing multiple campaigns in parallel targeting government ... continue reading

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

Microsoft has observed the Sliver command-and-control (C2) framework now being adopted and integrated in intrusion campaigns by nation-state threat actors, cybercrime groups directly supporting ransomware and extortion, and other threat actors to evade detection. We’ve seen these actors use Sliver ... continue reading

Monitoring my hybrid environment – part 2?

Hello folks, 2 weeks ago, as part of my series on setting up my demo environment to reflect a typical hybrid (on-prem Azure) environment I covered the basics of what I needed to support operational requirements like monitoring/insights, patch management, ... continue reading

A multidimensional approach to journalism security

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Runa Sandvik, Former Senior Director of Information Security at The New York Times ... continue reading

Right Size/Recommend Azure SQL Managed Instance

Introduction: When doing SQL Migrations we have some wonderful tools at Microsoft that will assist you with the migration from On-Premise to Azure. But what happens down the line when you need to decide if you made the correct choice ... continue reading

Uncovering a ChromeOS remote memory corruption vulnerability

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that can be triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE). Following our D-Bus blog post that focused on Linux, ... continue reading

Gain Deeper Insights with Microsoft Intelligent Data Platform

Data is foundational to any digital transformation strategy, yet many organizations struggle to understand what data they have, how to extract insights from it, and how to govern it—according to a 2022 Evanta survey, over half of Chief Data Officers ... continue reading

How to change the user account for Windows Containers

Containers in general are seen as a turnkey solution to run applications. Once the app has been finalized, you expect the container to run the same way regardless of the environment. However, just like any other platform, there are some ... continue reading